logon script

TheMSsForum.com: The Microsoft Software Forum

We're looking to use a logon script in VBscript that does something like this:

If WorkstationName = "test" and the user is a member of global group "X" then
Do stuff here
end if

Anyone have a basic syntax for these actions? We're new to the scripting
stuff obviously!
Top

Re: logon script by MikeVa

MikeVa
Wed Apr 06 16:23:53 CDT 2005

The following vbscript should give you a start...

'===== BEGIN VBSCRIPT ======
On Error Resume Next
'----- Get the users name & computer name -----
Set WshNetwork = WScript.CreateObject("WScript.Network")
strUser = WshNetwork.UserName
strComputer = WshNetwork.ComputerName

'----- Find the user in AD -----
dtStart = TimeValue(Now())
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText =
"<LDAP://dc=corp,dc=mydomain,dc=com>;(&(objectCategory=User)(samAccountName=
" & strUser & "));samAccountName,ADSPath,cn;subtree"
Set objRecordSet = objCommand.Execute

If objRecordset.RecordCount = 0 Then
WScript.Echo "sAMAccountName: " & strUserName & " does not exist."
Else
'----- Get the CN of the user -----
strUserPath = objRecordset("ADSPath")
strUserCN = objRecordset("cn")
End If
objConnection.Close

'----- Define group to check membership in -----
strGrp = LDAP://CN=GroupX,OU=Groups,DC=corp,DC=mydomian,DC=com
Set objGroup = GetObject (strGrp)
objGroup.GetInfo
arrMemberOf = objGroup.GetEx("member")

For Each strMember in arrMemberOf
If InStr(strMember,strUserCN) And UCase(strComputer) = "TEST" Then
' user is a member of the group and computername matches
' Perform actions here
End If
Next
'===== END VBSCRIPT ======

You might also be able to do this easier via a batch file using the
%COMPUTERNAME% variable and IFMEMBER.EXE from the ResKit
For info on IfMember:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/ifmember-o.asp

--
MikeVa [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
--
Please do not send e-mail directly to this alias.
This alias is for newsgroup purposes only.
--
"Sam" <Sam@discussions.microsoft.com> wrote in message
news:B89A7227-A9D5-4BCC-868F-0F6D2A93C121@microsoft.com...
> We're looking to use a logon script in VBscript that does something like
this:
>
> If WorkstationName = "test" and the user is a member of global group "X"
then
> Do stuff here
> end if
>
> Anyone have a basic syntax for these actions? We're new to the scripting
> stuff obviously!


Top

Re: logon script by markxgzhang

markxgzhang
Sat Apr 09 05:35:18 CDT 2005

Hi MikeVa,
Is there a way to get a user's group membership directly from the User
Object instead of searching the group object?
Thanks
"MikeVa [MSFT]" <mikeva@online.microsoft.com> wrote in message
news:%23QsHy7uOFHA.2748@TK2MSFTNGP09.phx.gbl...
> The following vbscript should give you a start...
>
> '===== BEGIN VBSCRIPT ======
> On Error Resume Next
> '----- Get the users name & computer name -----
> Set WshNetwork = WScript.CreateObject("WScript.Network")
> strUser = WshNetwork.UserName
> strComputer = WshNetwork.ComputerName
>
> '----- Find the user in AD -----
> dtStart = TimeValue(Now())
> Set objConnection = CreateObject("ADODB.Connection")
> objConnection.Open "Provider=ADsDSOObject;"
> Set objCommand = CreateObject("ADODB.Command")
> objCommand.ActiveConnection = objConnection
> objCommand.CommandText =
> "<LDAP://dc=corp,dc=mydomain,dc=com>;(&(objectCategory=User)(samAccountName=
> " & strUser & "));samAccountName,ADSPath,cn;subtree"
> Set objRecordSet = objCommand.Execute
>
> If objRecordset.RecordCount = 0 Then
> WScript.Echo "sAMAccountName: " & strUserName & " does not exist."
> Else
> '----- Get the CN of the user -----
> strUserPath = objRecordset("ADSPath")
> strUserCN = objRecordset("cn")
> End If
> objConnection.Close
>
> '----- Define group to check membership in -----
> strGrp = LDAP://CN=GroupX,OU=Groups,DC=corp,DC=mydomian,DC=com
> Set objGroup = GetObject (strGrp)
> objGroup.GetInfo
> arrMemberOf = objGroup.GetEx("member")
>
> For Each strMember in arrMemberOf
> If InStr(strMember,strUserCN) And UCase(strComputer) = "TEST" Then
> ' user is a member of the group and computername matches
> ' Perform actions here
> End If
> Next
> '===== END VBSCRIPT ======
>
> You might also be able to do this easier via a batch file using the
> %COMPUTERNAME% variable and IFMEMBER.EXE from the ResKit
> For info on IfMember:
> http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/ifmember-o.asp
>
> --
> MikeVa [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> Use of any included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
> --
> Please do not send e-mail directly to this alias.
> This alias is for newsgroup purposes only.
> --
> "Sam" <Sam@discussions.microsoft.com> wrote in message
> news:B89A7227-A9D5-4BCC-868F-0F6D2A93C121@microsoft.com...
>> We're looking to use a logon script in VBscript that does something like
> this:
>>
>> If WorkstationName = "test" and the user is a member of global group "X"
> then
>> Do stuff here
>> end if
>>
>> Anyone have a basic syntax for these actions? We're new to the scripting
>> stuff obviously!
>
>


Top

Re: logon script by Michael

Michael
Sat Apr 09 12:22:29 CDT 2005

markxgzhang@hotmail.com wrote:
> Hi MikeVa,
> Is there a way to get a user's group membership directly from the User
> Object instead of searching the group object?

Yes...

The (LDAP provider) user object has a memberOf property. If the user is a
member of only one group, memberOf will returna simple string. If they are
a member of mutiple groups, memberOf returns an array of strings.

Each string is a full AD distinguished name of a group. Note that the
user's default group (typically Domain Users) is not included, and that both
security and distribution groups are included (the latter if your
organization defines distribution groups in AD).

--
Michael Harris
Microsoft MVP Scripting
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Please ask follow-up questions via the original newsgroup thread.



Top

Re: logon script by billy

billy
Sun Apr 10 21:45:32 CDT 2005

this is how i would do it.

'**************************************************************************
Function UserIsMember(GroupName)
For Each Group in Groups
If LCase(GroupName) = LCase(Group.name) Then UserIsMember = True
Next
End Function
'**************************************************************************

Set WshNetwork = CreateObject("Wscript.Network")
WorkstationName = LCase(WshNetwork.ComputerName)
UserName = LCase(WshNetwork.UserName)

' Load user's group memberships into an array.
Set ADSIObject = GetObject("WinNT://" & WshNetwork.UserDomain & "/"
& UserName)
Set Groups = ADSIObject.Groups

' Do your test
If WorkstationName = "test" and UserIsMember("X") Then
' do stuff here
End If

Top